SYSTEM AND METHOD FOR INTERCONNECTING MULTIPLE VIRTUAL PRIVATE NETWORKS

This application claims priority to the following provisional patent applications,
which are incorporated herein by reference in their entireties:

(I) Provisional Application Serial No. 60/151,563, titled "Method & Apparatus
For a Globalized Automotive Network & Exchange," filed on August 31, 1999, and
having reference no. 99,532 (479.83581).

BACKGROUND OF THE INVENTION

Field of the Invention 
The present invention relates to virtual private networks. More particularly, the
present invention relates to virtual private networks wherein in each virtual private
network, multiple service providers can be utilized by the trading partners of the virtual
private network. The end-to-end service quality of the connection within the virtual
private network is guaranteed to meet minimum requirements. The end-to-end service
quality encompasses numerous factors including: network services; interoperability;
performance; reliability; disaster recovery and business continuity; security; customer
care; and trouble handling. The system and method of the present invention is directed to
the interconnection of multiple virtual private networks each having multiple service
providers. Furthermore the present invention encompasses a system and method for
interconnecting multiple interconnect providers, such as exchange points, exchange
networks, direct connect or transit service providers, between the multiple virtual private
networks. Finally, the present invention employs an end-to-end overseer across the
multiple virtual private networks.

Description of the Related Art 
Early in 1994, the automotive industry recognized the need for global network
services that would support more new demanding automotive business applications. The
purpose of this network service was to simplify complex, redundant, outdated connection
methods while minimizing costs and ensuring the management, security, reliability, and
performance essential to the automotive industry. Transport Control Protocol/Internet
Protocol (TCP/IP) was endorsed as the standard suite for electronic data communications.

Ultimately in 1995, the industry formed a Telecommunications Project Team to
oversee the design and development of a common global communication infrastructure
supporting automotive industry application initiatives (later called the Automotive
Network eXchange (ANX) Implementation Task Force). The Task Force, in June 1997,
published the initial results of the technical design process for this new network service,
called the Automotive Network eXchange (ANX), in "ANX Release 1 Draft Document
Publication" (TEL-2 01.00). This reference is incorporated herein by reference in its
entirety. The TEL-2 specification undergoes constant updating and correction.

The ANX system is a business-to-business communications infrastructure that
provides a uniform, secured link between trading partners, such as manufacturers and
suppliers, in the automotive industry. The ANX is a subscription-based network
composed of Certified Service Providers (CSP). CSPs are providers of IP network
service that have satisfied certain service end-to-end quality. CASPs are certificate
authority service providers. The Certified Exchange Point Operator (CEPO) provides
services to interconnect CSPs. CEPOs also must satisfy certain end-to-end service
quality requirements.

Trading Partners (TP) are registered end users, or subscribers, of the ANX system
such as automotive parts manufacturers, suppliers, original equipment manufacturers, and
car manufacturers. The ANX system allows TPs to communicate, exchange information,
and transact business with other TPs over the ANX network. The TP may utilize any
TCP/IP-compliant application program to exchange information with other TPs. The
registered TP selects the TPs with which it wants to communicate and thereafter may
gain access to and receive communications from those selected TPs. As a result, the
ANX system allows each TP to develop its own virtual private network with its
customers and vendors.

The ANX system significantly reduces the complexity of connecting to multiple
trading partners. Since there are diverse communication protocols for the trading
partners, separate links are required to access each trading partner.
By having a single private network operated under a uniform protocol,
interconnectivity between various trading partners is substantially simplified. In addition,
ANX offers improved end-to-end service quality. For example, if an auto manufacturer
needs to place with its parts supplier an order for car seats, the manufacturer may submit
over the ANX system its confidential CAD drawings directly to the supplier. The
manufacturer may also fill out the order form that the supplier may have for filling orders
and submit it in a timely manner over the ANX system, owing to its high reliability and
performance.

The CSP and the CEPO must satisfy certain performance and security
requirements in order to be certified under the ANX. The certification process is
disclosed in ANX Release 1 Document Publication (TEL-2 02.00), which is incorporated
herein by reference in its entirety.

The ANX VPN permits the use of a plurality of different IPSec devices. By
virtue of the TEL-2 specification and the certification process all of the designated IPSec
devices are guaranteed to communicate with one another across the ANX VPN.

While the ANX originated out of the need to interconnect automotive related
companies, it is not limited to that industry. Any company/industry may become a TP,
e.g. an aerospace company, a healthcare company, etc. ANX has become known as the
Advanced Network eXchange.

With the advent of the Internet, global communication has become a reality.
While the Internet works well for non-mission critical applications, such as transmitting
and receiving e-mail and hosting websites, it has some drawbacks for business-to-business
commerce and communication that require stringent end-to-end service quality.
Quality concerns are in the area of end-to-end service quality as explained previously.

For example, when two companies want to communicate over the Internet, the lag
between the systems at each company will be different virtually every time. The
connection each has through their service provider, i.e. 14.4K, 28.8K, 56K, ISDN, DSL,
T1, etc., plus the number of servers through which the connection is directed contribute
to the resulting time lag between the two companies. Depending upon the type of
information transmitted, the two parties may require a maximum acceptable time lag.
Due to the nature of the Internet, it cannot guarantee such a maximum time lag.
Furthermore, the two companies may desire that service assistance be available at certain
times or 24 hours a day. The Internet has no such guarantees for help availability in a
multi-provider environment. Such a lack of guaranteed bandwidth, latency and reliability
is a major impediment to business-to-business commerce and communication over the
Internet.

In recent years the number of electronic viruses and hacker attacks has increased
dramatically. A company considering conducting business-to-business commerce over
the Internet runs the risk of making its intranet vulnerable to such viruses and attacks
with the potential related loss of data.

In order to address the security issue, some companies have developed virtual
private networks (VPNs). Secure VPNs permit a company to communicate with any
other entity on the network without the risk of increased vulnerability to viruses and
hackers. However, while VPNs can connect to other VPNs over the Internet by
providing authentication, access control, confidentiality and data integrity, there is still no
way the end-to-end quality of the connection can be guaranteed to meet a required set of
minimum standards in a multi-provider setting.

A secure VPN is a communication network that is secured with encryption and
authentication. Secure VPNs are based on multiple technologies, for example IPSec,
tunneling, certification and shared secret authentication. IPSec is the security standard
established by the Internet Engineering Task Force (IETF). Tunneling permits private
networks to cross the Internet using unregistered IP addresses.

SUMMARY OF THE INVENTION 
From the foregoing, it is desirable to provide a system and method for
interconnecting multiple VPNs each using multiple service providers while offering a
minimum standard of end-to-end service quality.

The system and method of the present invention utilizes an overseer that defines
the service quality, continually qualifies service providers as meeting that service quality,
and resolves end-to-end issues across multiple interconnected virtual private networks,
such as the ANX. When connecting multiple virtual private networks according to the
system and method of the present invention multiple interconnect providers are
interconnected, and the manner in which these interconnect providers are interconnected
so that the quality and reliability standards are met is another aspect of the present
invention.

Certification of IPSec devices permits interoperability for encryption, integrity
and authentication across the products of all IPSec vendors. When two subscriber
companies both use certified IPSec equipment then they can provide each other with
controlled access to each other's networks.

Based on the foregoing, an object of the present invention is to provide a system
and method of interconnecting multiple VPNs each using multiple service providers
while offering a minimum standard of end-to-end connection quality and reliability.

Another object of the present invention is to provide a system and method of
interconnecting multiple VPNs having an overseer that resolves end-to-end issues across
multiple virtual private networks.

Still another object of the present invention is to provide a system and method of
connecting multiple virtual private networks in which multiple interconnect providers are
interconnected so that the end-to-end service quality is met.

DETAILED DESCRIPTION OF THE DRAWINGS 
The foregoing and other attributes of the present invention will be described with 
respect to the following drawings in which: 

Fig. 1 is a block diagram of two interconnected virtual private networks according
to the present invention;

Fig. 2 is a configuration of governance and management of separate virtual
private networks;

Fig. 3 is a configuration of governance and management of interconnected virtual 
private networks according to the present invention; 

Fig. 4 is an interconnection configuration for governance of multiple interconnected
virtual private networks according to the present invention;

Fig. 5 is a flow chart showing contractual obligations according to the present
invention;

Fig. 6 is a diagram illustrating end-to-end latency in a virtual private network
having multiple service providers;

Fig. 7 is a diagram illustrating end-to-end availability in a virtual private network
having multiple service providers;

Fig. 8 is a diagram illustrating trouble handling in a virtual private network 
having multiple service providers; 

Fig. 9 is a diagram illustrating an accountability model for a single virtual private 
network having multiple service providers; 

Fig. 10 is a diagram illustrating an accountability model for multiple virtual
private networks having multiple service providers according to the present invention;

Fig. 11 is a diagram illustrating end-to-end interconnection of two virtual private 
networks according to the present invention; 

Fig. 12 is a diagram illustrating a trouble escalation model for interconnection of
two virtual private networks according to the present invention;

Fig. 13 is a diagram illustrating a multiple virtual private network fee model for
interconnection of two virtual private networks according to the present invention; is a
diagram illustrating interconnection of two virtual private networks using a multiple
transit certified service providers according to the present invention;

Fig. 14 is a diagram illustrating interconnection of two virtual private networks
using a single transit certified service provider according to the present invention;

Fig. 15 is a diagram illustrating interconnection of two virtual private networks
using a multiple transit certified service providers according to the present invention;

Fig. 16 is a diagram illustrating interconnection of multiple virtual private
networks using a multiple transit certified service providers, where no single transit
certified service provider connects all of the virtual private networks according to the
present invention; and

Figs. 17a-c are alternative configurations for interconnecting multiple virtual
private networks according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Fig. 1 shows a block diagram of two interconnected virtual private networks 20
and 22. The present system and method of interconnecting multiple virtual private
networks is not intended to be limited to only these types of networks and has
applicability to a wide variety of virtual private networks.

Each virtual private network 20 and 22 is shown having a trading partner (TP) 24
and 26, respectively. While Fig. 1 shows only one TP 24 and 26 for each virtual private
network, there can in fact be hundreds or thousands of such TPs for each virtual private
network. Fig. 1 is intended to define the end-to-end service quality concept, and for such
a purpose, only one TP 24 and 26 is needed for each virtual private network 20 and 22.

The end-to-end service quality, provided by the present system and method of
interconnecting multiple virtual private networks, cannot be achieved by simply
interconnecting two virtual private networks, such as 20 and 22, with a wire. The
end-to-end service quality incorporates a user-centric philosophy, where the user is the TP or
subscriber. The user is guaranteed a minimum level of service encompassing factors that
include: network services; interoperability; performance; reliability; disaster recovery and
business continuity; security; customer care; and trouble handling. Simply connecting
the two virtual private networks 20 and 22 with a wire will not achieve the minimum
satisfactory levels for these factors.

To achieve such minimum levels of satisfactory performance for these factors the
system and method must include a way to resolve disputes between the two virtual
private networks. Referring to Fig. 2, each VPN 20 and 22 is shown as having its own
governance, program management, coopetition policy, contracts, service assurance, and
service description. While each virtual private network can operate with a successful
level of end-to-end service quality when each VPN is not interconnected to another VPN,
the governance, program management, coopetition policy, contracts, service assurance,
and service description may need to be revised when interconnecting two or more VPNs
in order to maintain the end-to-end service quality. It will be appreciated that at the very
least the interconnection of at least two VPNs adds at least one additional level of
complexity with regard to service between the VPNs.

One resolution is shown in Fig. 3, in which each VPN 20 and 22 maintains its
own governance, but the program management, coopetition policy, contracts, service
assurance, and service description for the two VPNs 20 and 22 are unified. Such
unification means that where the parameters for the program management, coopetition
policy, contracts, service assurance, and service description of the two VPNs 20 and 22
are different, the parameter used in one of the networks is chosen as the acceptable
minimum standard or a compromise parameter different from the parameter used in each
of the VPNs is agreed upon. It is possible that the parameters for communication within
each VPN need not change, while the new parameters are used only when
communicating between VPNs. Fig. 3 further shows that the system and method
contemplate connecting more than two VPNs.

One configuration for governance of multiple interconnected VPNs is shown in
Fig. 4. In this scenario each VPN has its own program overseer (POVER) 30, and a
global, or multiple virtual private network, overseer (GOVER) 32 is provided to resolve issues
between the POVERs 30. Arrows are shown between the POVERs 30 indicating that the
POVERs 30 are free to resolve their issues without requiring the GOVER 32. The
GOVER is called on when direct POVER-to-POVER resolution fails. Each of the
POVERs 30 governs one of the regional VPNs, while the GOVER 32 oversees the
interconnection of the VPNs.

The GOVER is responsible for end-to-end quality assurance, and in particular acts
as an inter-VPN interconnection certifier. The GOVER certifies interconnection
facilities, and certifies a global CASP-CASP trust model. The GOVER also is an
inter-VPN arbitrator that steps in when POVERs cannot resolve trouble between them.

Since the VPNs are used to running their networks in isolation, the
interconnection of multiple VPNs has unique issues such as resolving trouble and
conflicts between the VPNs and maintenance of minimum end-to-end service quality
across the multiple programs. Since the system and method of the present invention are
directed to providing specific end-to-end service quality, it must be possible for TPs to
quantify the end-to-end service quality levels, and these service quality levels must be
sufficient to allow applications to work across the multiple VPNs. Therefore, a high level
of metric compatibility and measurement techniques are required.

In the ANX type VPN each TP, CSP and CEP must meet specified criteria to
become certified and to maintain that certification. The certification provides the TPs or
subscribers with confidence that the level of transport and security will meet their
business needs. The ANX type VPN utilizes multiple CSPs. On one level it is easier to
run a VPN where all TPs are required to use a single CSP. The use of multiple CSPs in
the ANX type VPN fosters competition between the CSPs and allows the VPN to reach
TPs that may not be serviced by a single CSP. The implementation of multiple CSPs,
however, brings with it the burden of ensuring that the CSPs can talk to one another.
Whether the connection from one TP to another TP within the same VPN is through a
single CSP or two CSPs should be invisible to the TPs. The TPs need never know when
one or more CSPs are used for any particular connection. The certification process
ensures that the TPs use one of the certified IPSec devices at their premises, and that the
CSPs will utilize certified equipment and meet certain metrics so as to achieve the
end-to-end service quality guaranteed to the TPs. In this manner, the multiple CSPs will be able
to communicate with one another. The CSPs must meet business criteria, technical
metrics, ongoing monitoring, trouble-handling criteria, routing registry criteria, and
domain name registry criteria to achieve and maintain certification.

Fig. 5 shows the contractual obligations of the members of an ANX-type VPN.
The TPs 40 contract with the VPN, as denoted in Fig. 5 by the arrows to the overseer 50,
and contract with one of the multiple CSPs 42. The CSPs contract with the VPN and
with the CEPO 44. The CEPO 44 contracts with the VPN. Each entity is responsible for
the services that that entity provides.

The technical metrics for achieving end-to-end service quality in the ANX-type
network include, among other metrics, latency and availability. Fig. 6 illustrates the
end-to-end latency within the ANX network. The TP1 router 60 is connected to ANX CSP1
62, which in turn is connected to ANX CEPO 64. TP2 router 66 is connected to ANX
CSP2 68, which is connected to ANX CEPO 64. The packet latency from each router 60
and 66 through the corresponding CSP is 125 msec. The latency through the ANX CEPO
is on the order of microseconds. The total packet latency through the network is
therefore only slightly more than 250 msec.

Fig. 7 illustrates the end-to-end availability metric. The access network between
the TP1 router 60 and the ANX CSP1 62 is permitted to be unavailable 43.80 hours/year.
The ANX CSP1 62 may only be unavailable 2.63 hrs./year. The trunk 65 between the
ANX CSP1 62 and the ANX CEPO may only be unavailable 1.76 hrs./year. The ANX
CEPO may only be unavailable 0.44 hours/year. The foregoing availabilities yield a total
of 99.895% availability or 9.22 hours per year downtime.
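
The budgets of Figs. 6 and 7 can be recomputed as follows; this is an added example, not part of the original specification, and all names in it are hypothetical. It assumes the quoted total covers the path CSP1, trunk, CEPO, trunk, CSP2 without the two access lines and that outages never overlap, so yearly downtime adds; that reading reproduces the 9.22 hours and 99.895% figures.

```python
"""End-to-end availability and latency budget for the Fig. 6 / Fig. 7 path.

Added illustration, not code from the specification. Assumptions that are not
stated on the page: outages of different elements never overlap (downtime
adds), and the quoted total excludes the two access lines.
"""
from dataclasses import dataclass
from math import prod

HOURS_PER_YEAR = 365 * 24  # 8760, non-leap year


@dataclass(frozen=True)
class Element:
    name: str
    max_down_h: float      # permitted unavailability, hours/year (Fig. 7)
    max_latency_ms: float  # permitted packet latency (Fig. 6)


# Figures quoted in the text. The 125 msec "router through CSP" latency is
# booked on the CSP element, so the access line carries 0 here. The trunk
# latency is not given and is taken as 0; the CEPO latency ("order of
# microseconds") is modelled as 0.01 ms, a constructed value.
ACCESS = Element("access", 43.80, 0.0)
CSP = Element("CSP", 2.63, 125.0)
TRUNK = Element("trunk", 1.76, 0.0)
CEPO = Element("CEPO", 0.44, 0.01)

CORE_PATH = [CSP, TRUNK, CEPO, TRUNK, CSP]   # what the quoted total covers
FULL_PATH = [ACCESS] + CORE_PATH + [ACCESS]  # router to router


def downtime_hours(path):
    """Worst-case yearly downtime when no two outages overlap."""
    return round(sum(e.max_down_h for e in path), 2)


def availability_pct(path):
    """Availability implied by the additive (worst-case) downtime."""
    down = sum(e.max_down_h for e in path)
    return round(100.0 * (1.0 - down / HOURS_PER_YEAR), 3)


def availability_independent_pct(path):
    """Availability if elements fail independently (outages may overlap)."""
    return round(100.0 * prod(1.0 - e.max_down_h / HOURS_PER_YEAR for e in path), 3)


def latency_ms(path):
    """Sum of the per-element latency bounds along the path."""
    return sum(e.max_latency_ms for e in path)


def check_budget(path, min_availability_pct, max_latency_ms):
    """Return a list of human-readable violations; empty means within budget."""
    violations = []
    avail = availability_pct(path)
    if avail < min_availability_pct:
        violations.append(
            f"availability {avail}% below required {min_availability_pct}%")
    lat = latency_ms(path)
    if lat > max_latency_ms:
        violations.append(f"latency {lat} ms above allowed {max_latency_ms} ms")
    return violations


if __name__ == "__main__":
    for label, path in (("core", CORE_PATH), ("router-to-router", FULL_PATH)):
        print(label, downtime_hours(path), "h/yr", availability_pct(path), "%",
              latency_ms(path), "ms", check_budget(path, 99.895, 251.0))
```

Including the two 43.80-hour access lines drops the same path to 98.895%, which shows that the access line dominates the router-to-router figure.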

The outline for how trouble is handled within the ANX-type VPN is shown in
Fig. 8. There are effectively five layers of trouble handling. At the first level trouble
between TPs is handled directly between the two TPs. Similarly, issues between the TPs
and the CSPs are handled between the two parties. CSPs and the CEPOs also resolve
their troubles between the troubled parties. A network overseer is provided to handle
troubles that cannot be handled in the foregoing scenarios. The overseer can take
complaints from the TPs, the CSPs, and the CEPOs.

A key to providing predictable end-to-end service quality is that the TPs must 
know the level of service they receive. To this end four service provider accountability 
levels exist. First, service providers, both interconnect providers and CSPs, must timely 
fix infrequent service provider troubles. Second, there must be end-to-end service 
provider cooperation to handle any troubles. Third, recourse must be provided to resolve 
disputes in the event of disagreement between CSPs and/or interconnect providers. 
Fourth, recourse must be provided to resolve continued non-compliance with the end-to- 
end service quality. 

Referring to Figs. 9 and 10, charts for single VPN and interconnected VPNs are
shown, respectively. In Fig. 9, the CSPs 70, CEPOs 72 and CASPs 74 are accountable to
the POVER 76. The POVER 76 is accountable to the body 78 representing the TPs. The
body 78 is accountable to a regional/national arbitration body 80. Where multiple VPNs are
interconnected in Fig. 10, the CSPs 70, the CEPOs 72, and CASPs 74 are accountable to
the POVERs 76. The POVERs 76 are accountable to a GOVER 77, which in turn is
accountable to the body 78. The body 78, instead of being accountable to the
regional/national arbitration body 80, is accountable to an international arbitration body
82.

The GOVER/POVER model is but one way to oversee ensuring of the end-to-end
service quality and metric compatibility. How the ANX-type networks are connected
will be discussed below. In this context there must be five key types of end-to-end
technology compatibility: (1) network interconnection that ensures a trading partner on
one VPN can reach any trading partner on the other VPN; (2) routing compatibility that
ensures any trading partner on one VPN can logically reach any TP on the other VPN; (3)
naming compatibility, e.g. so the web names or e-mail names of any trading partner on
one VPN can be resolved to an address that is routable over the two VPNs; (4) IPSec
compatibility; and (5) digital security certificate compatibility across multiple VPNs.
While Figs. 9 and 10 refer to regional/national VPNs and international arbitration, the
VPNs need not be limited to a specific country or geographical area. Any ANX-type
VPN, regardless of the location of its subscribers, could be interconnected.

While Fig. 1 illustrated the interconnection of two VPNs 20 and 22, a significant
element is missing. Fig. 11 shows two VPNs that have multiple service providers, which
are connected through an inter-program service provider, also called an interconnect
provider. The TEL-2 specification is still used as the basic guide in determining the
end-to-end service quality, however regional or particular VPN peculiarities, referred to as
deltas, must be considered when establishing the interconnected end-to-end service
quality standards.

Returning to the GOVER/POVER model for overseeing interconnected VPNs,
Fig. 12 illustrates an end-to-end trouble escalation model. It is expected that CSPs will
work together to resolve trouble before contacting a POVER. Similarly, the POVERs
and/or the POVERs and the interconnect provider are expected to work together to
resolve trouble before contacting the GOVER.

When expanding from a single VPN to interconnected VPNs the inherent costs of
running the system naturally increase. How such costs are distributed is an important
part of the system. As shown in Fig. 13, the POVERs 100 pay fees to the GOVER to
offset the costs of maintaining the GOVER. The VPNs having multiple service providers
in turn pay fees to support the POVER. Furthermore the interconnect providers pay a
certification fee to the GOVER for certification as an interconnect provider between
VPNs.

There are multiple methods of interconnecting multiple VPNs with interconnect
providers. As shown in Fig. 14, all the VPNs, having multiple service providers, can be
interconnected using a single interconnect provider. Alternatively, all the VPNs can be
interconnected by multiple interconnect providers, as shown in Fig. 15, thereby creating
competition between the interconnect providers, just as there is competition between the
CSPs in a single xNX-type VPN. Finally, as shown in Fig. 16, where no suitable
interconnect provider is available to connect all the VPNs having multiple service
providers, multiple interconnect providers are used. These interconnect providers service
different combinations of VPNs. In Fig. 16, interconnect provider 120 interconnects
VPNs having multiple service providers 122, 124, and 126. Interconnect provider 130
interconnects VPNs having multiple service providers 132 and 126. As a result, a TP of
VPN 132 must connect through both Interconnect provider 130 and Interconnect provider
120 to reach TPs of either VPN 122 or 124.

How the multiple VPNs interconnect will directly affect the resulting end-to-end
service quality. Figs. 17a-c illustrate potential configurations of multiple VPNs. In Fig.
17a a first TP 200 connects to a first CSP 210. The CSP 210 connects to a first exchange
point 220. The TP 200, CSP 210, and the exchange point 220 are within a first VPN 240.
A second TP 250 connects to a second CSP 260, which connects to a second exchange
point 270. The TP 250, CSP 260 and exchange point 270 are within a second VPN 280.
The two VPNs 240 and 280 are interconnected by an Interconnect provider 300, which is
connected to the exchange points 220 and 270.

In Fig. 17b TP 200, CSP 210, exchange point 220 and Interconnect provider 300
are connected in the same manner shown in Fig. 17a. While the second TP 250 is
connected to the CSP 260, the exchange point 270 is not provided. Instead CSP 260 is
shown as connecting directly to the Interconnect provider 300. This embodiment
encompasses the situation where the Interconnect provider 300 and CSP 260 are the same
entity or are directly wired. Fig. 17c is similar to Fig. 16b,
except that the interconnect provider also acts as a CSP 320, and a third TP 310 is
connected directly to the Interconnect provider 300/CSP 320.

As stated previously, while the end-to-end service quality is based upon the TEL-2
specification, the degree to which the TEL-2 specification needs to be modified to
interconnect multiple VPNs depends upon the chosen complexity of the interconnection.
An xNX-type VPN uses a maximum of two CSPs between any two TPs. A larger value,
either three or four, is needed for multiple VPNs. The Interconnect provider will account
for one additional CSP, and for the configuration set forth in Fig. 16, two Interconnect
providers are employed in addition to the two CSPs, yielding four CSPs.
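
The CSP count described here, applied to the Fig. 16 topology described earlier, can be worked through as follows. This is an added example, not part of the original specification: it uses the reference numerals 120, 130, 122, 124, 126 and 132 from the text, counts two CSPs plus one per interconnect provider traversed as the text states, and all function names are hypothetical.

```python
"""CSP-equivalent count between VPNs in the Fig. 16 topology.

Added illustration, not code from the specification. Rule taken from the
text: two CSPs between any two TPs, plus one "additional CSP" for every
interconnect provider on the path. Choosing the path with the fewest
interconnect providers is an assumption of this sketch.
"""
from collections import deque
from itertools import combinations

# Interconnect provider -> VPNs it interconnects (reference numerals, Fig. 16).
INTERCONNECTS = {120: {122, 124, 126}, 130: {132, 126}}
BASE_CSPS = 2  # maximum CSPs between two TPs of a single xNX-type VPN


def all_vpns(interconnects=INTERCONNECTS):
    return sorted(set().union(*interconnects.values()))


def interconnect_path(src, dst, interconnects=INTERCONNECTS):
    """Fewest interconnect providers to cross from VPN src to VPN dst.

    Returns a list of provider numerals ([] when src == dst) or None when
    no chain of interconnect providers links the two VPNs.
    """
    if src == dst:
        return []
    seen = {src}
    queue = deque([(src, [])])
    while queue:  # breadth-first search, so the first hit is the shortest
        vpn, used = queue.popleft()
        for provider in sorted(interconnects):
            members = interconnects[provider]
            if vpn not in members or provider in used:
                continue
            for nxt in sorted(members - seen):
                path = used + [provider]
                if nxt == dst:
                    return path
                seen.add(nxt)
                queue.append((nxt, path))
    return None


def csp_equivalents(src, dst, interconnects=INTERCONNECTS):
    """Two CSPs plus one per interconnect provider; None if unreachable."""
    path = interconnect_path(src, dst, interconnects)
    return None if path is None else BASE_CSPS + len(path)


def pairs_over_limit(limit, interconnects=INTERCONNECTS):
    """VPN pairs that are unreachable or need more CSP-equivalents than limit."""
    bad = []
    for a, b in combinations(all_vpns(interconnects), 2):
        n = csp_equivalents(a, b, interconnects)
        if n is None or n > limit:
            bad.append((a, b))
    return bad


if __name__ == "__main__":
    print("132 -> 122 via", interconnect_path(132, 122),
          "=", csp_equivalents(132, 122), "CSP-equivalents")
    print("pairs exceeding a limit of 3:", pairs_over_limit(3))
    print("pairs exceeding a limit of 4:", pairs_over_limit(4))
```

With a limit of three, only the pairs that involve VPN 132 and a VPN served solely by provider 120 fail; raising the limit to four admits every pair in this topology.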

Having described several embodiments of the system and method for
interconnecting multiple virtual private networks in accordance with the present
invention, it is believed that other modifications, variations and changes will be suggested
to those skilled in the art in view of the description set forth above. It is therefore to be
understood that all such variations, modifications and changes are believed to fall within
the scope of the present invention as defined in the appended claims.

What is claimed is:

1. A system of interconnecting multiple virtual private networks, each of said
multiple private networks having multiple service providers, comprising:

at least one interconnect provider for connecting said multiple virtual private
networks,

said multiple virtual private networks connected through said at least one
interconnect provider having minimum standards for cross network services, virtual
private network interoperability, inter-network performance, inter-network reliability,
disaster recovery and business continuity, inter-network security, inter-network customer
care, and inter-network trouble handling.

2. A system as recited in claim 1, further comprising a maximum acceptable 
latency between subscribers to different ones of said multiple virtual private networks. 

3. A system as recited in claim 1, further comprising a maximum acceptable
number of service providers between subscribers to different ones of said multiple virtual
private networks.

4. A system as recited in claim 1, further comprising a minimum acceptable
period of unavailability of interconnected multiple virtual private networks.

5. A system as recited in claim 1, wherein each of said multiple virtual private
networks comprises a program overseer to ensure end-to-end service quality across each
of said multiple virtual private networks.

6. A system as recited in claim 5, further comprising a global overseer to ensure
end-to-end service quality across multiple ones of said multiple virtual private networks.

7. A system as recited in claim 6, wherein said global overseer resolves disputes
between ones of said program overseers for said multiple virtual private networks or said
program overseers and said at least one interconnect provider.

8. A system as recited in claim 5, wherein said program overseer for each one of
said multiple virtual private networks resolves disputes between service providers within
said one of said multiple virtual private networks.

9. A system as recited in claim 6, wherein each of said program overseers and
said multiple interconnect providers provides financial support to run said global
overseer.

10. A system as recited in claim 1, wherein management of said multiple virtual 
private networks, contracts by between service providers and interconnect providers,
service assurance, service description and how service providers and interconnect
providers collaborate and compete are unified across said multiple virtual private 
networks to ensure end-to-end service quality. 

11. A system as recited in claim 1, comprising multiple interconnect providers,
wherein no one interconnect provider services all of said multiple virtual private
networks.

12. A method of interconnecting multiple interconnection providers between 
multiple virtual private networks, each of said virtual private networks having multiple
subscribers, multiple service providers and at least one exchange point interconnecting
said multiple service providers, with guaranteed end-to-end service quality, comprising 
the steps of: 

providing at least one interconnect provider disposed between a first set of said 
multiple service providers in one of said multiple virtual private networks and a second 
set of multiple service providers in a second one of said multiple virtual private networks.

13. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 12, wherein one of said at least one 
transit service providers is also one of said multiple service providers within at least one
of said multiple virtual private networks.

14. A method of interconnecting multiple interconnection providers between 
multiple virtual private networks as recited in claim 12, further comprising the step of
certifying all of said multiple service providers in all of said multiple virtual private
networks, said multiple transit service providers, and said exchange points to ensure
minimum end-to-end quality and security levels are maintained. 

15. A method of interconnecting multiple interconnection providers between 
multiple virtual private networks as recited in claim 12, comprising the further step of
providing at least one exchange point between a first set of said multiple service
providers in one of said multiple virtual private networks and said at least one 
interconnect service provider. 

16. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 12, wherein a maximum number of
service providers between two subscribers within one of said multiple virtual private
networks is two, and the maximum number of said service providers and transit service
providers between subscribers of different ones of said multiple virtual private networks
is three. 


17. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 15, further comprising the step of
providing at least one second exchange point between a second set of said multiple
service providers in another one of said multiple virtual private networks and said at least
one transit service provider.

18. A system of interconnecting multiple virtual private networks, each of said
multiple private networks having multiple service providers, comprising: 

at least one interconnect provider for connecting said multiple virtual private 
networks,

each of said multiple virtual private networks comprising a program overseer to 
ensure end-to-end service quality across each of said multiple virtual private networks, 
and 

a global overseer to ensure end-to-end service quality across multiple ones of said 
multiple virtual private networks,

said multiple virtual private networks connected through said at least one 
interconnect provider have: minimum standards for cross network services; virtual 
private network interoperability; inter-network performance; inter-network reliability; 
disaster recovery and business continuity; inter-network security; inter-network customer 
care; and inter-network trouble handling.

19. A system as recited in claim 18, further comprising a maximum acceptable 
latency between subscribers to different ones of said multiple virtual private networks. 

20. A system as recited in claim 18, further comprising a maximum acceptable
number of service providers between subscribers to different ones of said multiple virtual
private networks. 

21. A system as recited in claim 18, further comprising a minimum acceptable 
period of unavailability of interconnected multiple virtual private networks.

22. A system as recited in claim 18, wherein said global overseer resolves
disputes between ones of said program overseers for said multiple virtual private 
networks or said program overseers and said at least one interconnect provider. 

23. A system as recited in claim 18, wherein said program overseer for each one
of said multiple virtual private networks resolves disputes between service providers 
within said one of said multiple virtual private networks. 

24. A system as recited in claim 18, wherein each of said program overseers and
said multiple interconnect providers provides financial support to run said global
overseer. 

25. A system as recited in claim 18, wherein management of said multiple virtual
private networks, contracts by between service providers and interconnect providers,
service assurance, service description and how service providers and interconnect 
providers collaborate and compete are unified across said multiple virtual private 
networks to ensure end-to-end service quality. 

26. A system as recited in claim 18, comprising multiple interconnect providers,
wherein no one interconnect provider services all of said multiple virtual private
networks.

SYSTEM AND METHOD FOR INTERCONNECTING MULTIPLE VIRTUAL

PRIVATE NETWORKS 



This application claims priority to the following provisional patent
applications, which are incorporated herein by reference in their entireties:

(1) Provisional Application Serial No. 60/151,563, titled "Method &
Apparatus For a Globalized Automotive Network & Exchange," filed on August 31,
1999, and having reference no. 99,532 (479.83581).

BACKGROUND OF THE INVENTION

Field of the Invention 
The present invention relates to virtual private networks. More particularly, 
the present invention relates to virtual private networks wherein in each virtual private 
network, multiple service providers can be utilized by the trading partners of the 
virtual private network. The end-to-end service quality of the connection within the
virtual private network is guaranteed to meet minimum requirements. The end-to-end
service quality encompasses numerous factors including: network services;
interoperability; performance; reliability; disaster recovery and business continuity;
security; customer care; and trouble handling. The system and method of the present
invention is directed to the interconnection of multiple virtual private networks each
having multiple service providers. Furthermore the present invention encompasses a
system and method for interconnecting multiple interconnect providers, such as
exchange points, exchange networks, direct connect or transit service providers,
between the multiple virtual private networks. Finally, the present invention employs
an end-to-end overseer across the multiple virtual private networks.

Description of the Related Art 
Early in 1994, the automotive industry recognized the need for global network 
services that would support more new demanding automotive business applications. 
The purpose of this network service was to simplify complex, redundant, outdated 
connection methods while minimizing costs and ensuring the management, security,
reliability, and performance essential to the automotive industry. Transport Control
Protocol/Internet Protocol (TCP/IP) was endorsed as the standard suite for electronic
data communications.

Ultimately in 1995, the industry formed a Telecommunications Project Team
to oversee the design and development of a common global communication
infrastructure supporting automotive industry application initiatives (later called the
Automotive Network eXchange (ANX) Implementation Task Force). The Task Force,
in June 1997, published the initial results of the technical design process for this new
network service, called the Automotive Network eXchange (ANX), in "ANX Release
1 Draft Document Publication" (TEL-2 01.00). This reference is incorporated herein
by reference in its entirety. The TEL-2 specification undergoes constant updating and
correction.

The ANX system is a business-to-business communications infrastructure that
provides a uniform, secured link between trading partners, such as manufacturers and
suppliers, in the automotive industry. The ANX is a subscription-based network
composed of Certified Service Providers (CSP). CSPs are providers of IP network
service that have satisfied certain service end-to-end quality. CASPs are certificate
authority service providers. The Certified Exchange Point Operator (CEPO) provides
services to interconnect CSPs. CEPOs also must satisfy certain end-to-end service 
quality requirements. 

Trading Partners (TP) are registered end users, or subscribers, of the ANX 
system such as automotive parts manufacturers, suppliers, original equipment
manufacturers, and car manufacturers. The ANX system allows TPs to communicate,
exchange information, and transact business with other TPs over the ANX network.
The TP may utilize any TCP/IP-compliant application program to exchange
information with other TPs. The registered TP selects the TPs with which it wants to
communicate and thereafter may gain access to and receive communications from
those selected TPs. As a result, the ANX system allows each TP to develop its own
virtual private network with its customers and vendors. 

The ANX system significantly reduces the complexity of connecting to 
multiple trading partners. Since there are diverse communication protocols for the
trading partners, separate links are required to access each trading partner.

By having a single private network operated under a uniform protocol,
interconnectivity between various trading partners is substantially simplified. In
addition, ANX offers improved end-to-end service quality. For example, if an auto
manufacturer needs to place with its parts supplier an order for car seats, the
manufacturer may submit over the ANX system its confidential CAD drawings
directly to the supplier. The manufacturer may also fill out the order form that the
supplier may have for filling orders and timely submit over the ANX system due to its
high reliability and performance.

The CSP and the CEPO must satisfy certain performance and security
requirements in order to be certified under the ANX. The certification process is
disclosed in ANX Release 1 Document Publication (TEL-2 02.00), which is
incorporated herein by reference in its entirety.

The ANX VPN permits the use of a plurality of different IPSec devices. By
virtue of the TEL-2 specification and the certification process all of the designated
IPSec devices are guaranteed to communicate with one another across the ANX VPN.

While the ANX was originated out of the need to interconnect automotive 
related companies, it is not limited to that industry. Any company/industry may 
become a TP, e.g. an aerospace company, a healthcare company, etc. ANX has
become known as the Advanced Network eXchange.

With the advent of the Internet, global communication has become a reality. 
While the Internet works well for non-mission critical applications, such as
transmitting and receiving e-mail and hosting websites, it has some drawbacks for
business-to-business commerce and communication that require stringent end-to-end
service quality. Quality concerns are in the area of end-to-end service quality as
explained previously.

For example, when two companies want to communicate over the Internet, the
lag between the systems at each company will be different virtually every time. The
connection each has through their service provider, i.e. 14.4K, 28.8K, 56K, ISDN,
DSL, T1, etc., plus the number of servers through which the connection is directed
contribute to the resulting time lag between the two companies. Depending upon the
type of information transmitted, the two parties may require a maximum acceptable
time lag. Due to the nature of the Internet, it cannot guarantee such a maximum time
lag. Furthermore, the two companies may desire that service assistance be available
at certain times or 24 hours a day. The Internet has no such guarantees for help
availability in a multi-provider environment. Such a lack of guaranteed bandwidth,
latency and reliability are major impediments to business-to-business commerce and
communication over the Internet.

In recent years the number of electronic viruses and hacker attacks has
increased dramatically. A company considering conducting business-to-business
commerce over the Internet runs the risk of making their intranet vulnerable to such
viruses and attacks with the potential related loss of data.

In order to address the security issue, some companies have developed virtual
private networks (VPNs). Secure VPNs permit a company to communicate with any
other entity on the network without the risk of increased vulnerability to viruses and
hackers. However, while VPNs can connect to other VPNs over the Internet by
providing authentication, access control, confidentiality and data integrity, there is
still no way the end-to-end quality of the connection can be guaranteed to meet a
required set of minimum standards in a multi-provider setting.

A secure VPN is a communication network that is secured with encryption and
authentication. Secure VPNs are based on multiple technologies, for example IPSec,
tunneling, certification and shared secret authentication. IPSec is the security
standard established by the Internet Engineering Task Force (IETF). Tunneling
permits private networks to cross the Internet using unregistered IP addresses.

SUMMARY OF THE INVENTION 
From the foregoing, it is desirable to provide a system and method for
interconnecting multiple VPNs each using multiple service providers while offering a
minimum standard of end-to-end service quality.

The system and method of the present invention utilizes an overseer that 
defines the service quality, continually qualifies service providers as meeting that 
service quality, and resolves end-to-end issues across multiple interconnected virtual 
private networks, such as the ANX. When connecting multiple virtual private
networks according to the system and method of the present invention multiple
interconnect providers are interconnected, and the manner in which these interconnect
providers are interconnected so that the quality and reliability standards are met is
another aspect of the present invention.

Certification of IPSec devices permits interoperability for encryption, integrity
and authentication across the product of all IPSec vendors. When two subscriber
companies both use certified IPSec equipment then they can provide each other with
controlled access to each other's networks.

Based on the foregoing, an object of the present invention is to provide a
system and method of interconnecting multiple VPNs each using multiple service
providers while offering a minimum standard of end-to-end connection quality and
reliability.

Another object of the present invention is to provide a system and method of
interconnecting multiple VPNs having an overseer that resolves end-to-end issues
across multiple virtual private networks.

Still another object of the present invention is to provide a system and method
of connecting multiple virtual private networks in which multiple interconnect
providers are interconnected so that the end-to-end service quality is met.

DETAILED DESCRIPTION OF THE DRAWINGS 
The foregoing and other attributes of the present invention will be described
with respect to the following drawings in which:

Fig. 1 is a block diagram of two interconnected virtual private networks
according to the present invention;

Fig. 2 is a configuration of governance and management of separate virtual
private networks;

Fig. 3 is a configuration of governance and management of interconnected 
virtual private networks according to the present invention; 

Fig. 4 is an interconnection configuration for governance of multiple
inter-connected virtual private networks according to the present invention;

Fig. 5 is a flow chart showing contractual obligations according to the present 
invention; 

Fig. 6 is a diagram illustrating end-to-end latency in a virtual private network
having multiple service providers;

Fig. 7 is a diagram illustrating end-to-end availability in a virtual private
network having multiple service providers;

Fig. 8 is a diagram illustrating trouble handling in a virtual private network
having multiple service providers;



Fig. 9 is a diagram illustrating an accountability model for a single virtual
private network having multiple service providers;

Fig. 10 is a diagram illustrating an accountability model for multiple virtual
private networks having multiple service providers according to the present invention;

Fig. 11 is a diagram illustrating end-to-end interconnection of two virtual 
private networks according to the present invention; 


Fig. 12 is a diagram illustrating a trouble escalation model for interconnection 
of two virtual private networks according to the present invention; 



Fig. 13 is a diagram illustrating a multiple virtual private network fee model
for interconnection of two virtual private networks according to the present invention;
is a diagram illustrating interconnection of two virtual private networks using a
multiple transit certified service providers according to the present invention;

Fig. 14 is a diagram illustrating interconnection of two virtual private
networks using a single transit certified service provider according to the present
invention;



Fig. 15 is a diagram illustrating interconnection of two virtual private
networks using a multiple transit certified service providers according to the present
invention;



Fig. 16 is a diagram illustrating interconnection of multiple virtual private
networks using a multiple transit certified service providers, where no single transit
certified service provider connects all of the virtual private networks according to the
present invention; and

Figs. 17a - c are alternative configurations for interconnecting multiple virtual
private networks according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Fig. 1 shows a block diagram of two interconnected virtual private networks
20 and 22. The present system and method of the interconnecting multiple virtual
private networks is not intended to be limited to only these types of networks and has
applicability to a wide variety of virtual private networks.

Each virtual private network 20 and 22 is shown having a trading partner (TP)
24 and 26, respectively. While Fig. 1 shows only one TP 24 and 26 for each virtual
private network, there can in fact be hundreds or thousands of such TPs for each virtual
private network. Fig. 1 is intended to define the end-to-end service quality concept,
and for such a purpose, only one TP 24 and 26 is needed for each virtual private network
20 and 22.

The end-to-end service quality, provided by the present system and method of
interconnecting multiple virtual private networks, cannot be achieved by simply
interconnecting two virtual private networks, such as 20 and 22, with a wire. The
end-to-end service quality incorporates a user-centric philosophy, where the user is
the TP or subscriber. The user is guaranteed a minimum level of service
encompassing factors that include: network services; interoperability; performance;
reliability; disaster recovery and business continuity; security; customer care; and
trouble handling. Simply connecting the two virtual private networks 20 and 22 with
a wire will not achieve the minimum satisfactory levels for these factors.

To achieve such minimum levels of satisfactory performance for these factors
the system and method must include a way to resolve disputes between the two virtual
private networks. Referring to Fig. 2, each VPN 20 and 22 is shown as having its
own governance, program management, coopetition policy, contracts, service
assurance, and service description. While each virtual private network can operate
with a successful level of end-to-end service quality when each VPN is not
interconnected to another VPN, the governance, program management, coopetition
policy, contracts, service assurance, and service description may need to be revised
when interconnecting two or more VPNs in order to maintain the end-to-end service
quality. It will be appreciated that at the very least the interconnection of at least two
VPNs adds at least one additional level of complexity with regard to service between
the VPNs.

One resolution is shown in Fig. 3, in which each VPN 20 and 22 maintain
their own governance, but the program management, coopetition policy, contracts,
service assurance, and service description for the two VPNs 20 and 22 are unified.
Such unification means that where the parameters for the program management,
coopetition policy, contracts, service assurance, and service description of the two
VPNs 20 and 22 are different, the parameter used in one of the networks is chosen as
the acceptable minimum standard or a compromise parameter different from the
parameter used in each of the VPNs is agreed upon. It is possible that the parameters
for communication within each VPN need not change, while the new parameters are
used only when communicating between VPNs. Fig. 3 further shows that the system
and method contemplate connecting more than two VPNs.

One configuration for governance of multiple interconnected VPNs is shown
in Fig. 4. In this scenario each VPN has its own program overseer (POVER) 30, and
a global, or multiple virtual private network, overseer 32 is provided to resolve issues
between the POVERs 30. Arrows are shown between the POVERs 30 indicating that
the POVERs 30 are free to resolve their issues without requiring the GOVER 32. The
GOVER is called on when direct POVER-to-POVER resolution fails. Each of the
POVERs 30 governs one of the regional VPNs, while the GOVER 32 oversees the
interconnection of the VPNs.

The GOVER is responsible for end-to-end quality assurance, and in particular
acts as an inter-VPN interconnection certifier. The GOVER certifies interconnection
facilities, and certifies a global CASP-CASP trust model. The GOVER also is an
inter-VPN arbitrator that steps in when POVERs cannot resolve trouble between
them.

Since the VPNs are used to running their networks in isolation, the
interconnection of multiple VPNs has unique issues such as resolving trouble and
conflicts between the VPNs and maintenance of minimum end-to-end service quality
across the multiple programs. Since the system and method of the present invention
are directed to providing specific end-to-end service quality, it must be possible for
TPs to quantify the end-to-end service quality levels, and these service quality levels
must be sufficient to allow applications to work across the multiple VPNs. Therefore,
a high level of metric compatibility and measurement techniques are required.

In the ANX type VPN each TP, CSP and CEP must meet specified criteria to
become certified and to maintain that certification. The certification provides the TPs
or subscribers with confidence that the level of transport and security will meet their
business needs. The ANX type VPN utilizes multiple CSPs. On one level it is easier
to run a VPN where all TPs are required to use a single CSP. The use of multiple
CSPs in the ANX type VPN fosters competition between the CSPs and allows the
VPN to reach TPs that may not be serviced by a single CSP. The implementation of
multiple CSPs, however, brings with it the drawback of insuring that the CSPs can
talk to one another. Whether the connection from one TP to another TP within the
same VPN is through a single CSP or two CSPs should be invisible to the TPs. The
TPs need never know when one or more CSPs are used for any particular connection.
The certification process ensures that the TPs use one of the certified IPSec devices at
their premises, and that the CSPs will utilize certified equipment and meet certain
metrics so as to achieve the end-to-end service quality guaranteed to the TPs. In this
manner, the multiple CSPs will be able to communicate with one another. The CSPs
must meet business criteria, technical metrics, ongoing monitoring, trouble-handling
criteria, routing registry criteria, and domain name registry criteria to achieve and
maintain certification.

Fig. 5 shows the contractual obligations of the members of an ANX-type
VPN. The TPs 40 contract with the VPN, as denoted in Fig. 5 by the arrows to the
overseer 50, and contract with one of the multiple CSPs 42. The CSPs contract with
the VPN and with the CEPO 44. The CEPO 44 contracts with the VPN. Each entity
is responsible for the services that that entity provides.

The technical metrics for achieving end-to-end service quality in the ANX-type
network include among other metrics, latency and availability. Fig. 6 illustrates
the end-to-end latency within the ANX network. The TP1 router 60 is connected to
ANX CSP1 62, which in turn is connected to ANX CEPO 64. TP2 router 66 is
connected to ANX CSP2 68, which is connected to ANX CEPO 64. The packet
latency from each router 60 and 66 through the corresponding CSP is 125 msec. The
latency through the ANX CEPO is on the order of microseconds. The total packet
latency through the network is therefore only slightly more than 250 msec.

Fig. 7 illustrates the end-to-end availability metric. The Access network
between the TP1 router 60 and the ANX CSP1 62 is permitted to be unavailable 43.80
hours/year. The ANX CSP1 62 may only be unavailable 2.63 hrs./year. The trunk 65
between the ANX CSP1 62 and the ANX CEPO may only be unavailable 1.76
hrs./year. The ANX CEPO may only be unavailable 0.44 hours/year. The foregoing
availabilities yield a total of 99.895% availability or 9.22 hours per year downtime.

The outline for how trouble is handled within the ANX-type VPN is shown in
Fig. 8. There are effectively five layers of trouble handling. At the first level trouble
between TPs is handled directly between the two TPs. Similarly, issues between the
TPs and the CSPs are handled between the two parties. CSPs and the CEPOs also
resolve their troubles between the troubled parties. A network overseer is provided to
handle troubles that cannot be handled in the foregoing scenarios. The overseer can
take complaints from the TPs, the CSPs, and the CEPOs.

A key to providing predictable end-to-end service quality is that the TPs must
know the level of service they receive. To this end four service provider
accountability levels exist. First, service providers, both interconnect providers and
CSPs, must timely fix infrequent service provider troubles. Second, there must be
end-to-end service provider cooperation to handle any troubles. Third, recourse must
be provided to resolve disputes in the event of disagreement between CSPs and/or
interconnect providers. Fourth, recourse must be provided to resolve continued
non-compliance with the end-to-end service quality.

Referring to Figs. 9 and 10, charts for single VPN and interconnected VPNs
are shown, respectively. In Fig. 9, the CSPs 70, CEPOs 72 and CASPs 74 are
accountable to the POVER 76. The POVER 76 is accountable to the body 78
representing the TPs. The body 78 is accountable to a regional/national arbitration body
80. Where multiple VPNs are interconnected in Fig. 10, the CSPs 70, the CEPOs 72,
and CASPs 74 are accountable to the POVERs 76. The POVERs 76 are accountable
to a GOVER 77, which in turn is accountable to the body 78. The body 78, instead of
being accountable to the regional/national arbitration body 80, is accountable to an
international arbitration body 82.

The GOVER/POVER model is but one way to oversee ensuring of the end-to-end
service quality and metric compatibility. How the ANX-type networks are
connected will be discussed below. In this context there must be five key types of
end-to-end technology compatibility: (1) network interconnection that ensures a trading
partner on one VPN can reach any trading partner on the other VPN; (2) routing
compatibility that ensures any trading partner on one VPN can logically reach any TP
on the other VPN; (3) naming compatibility, e.g. so the web names or e-mail names of
any trading partner on one VPN can be resolved to an address that is routable over the
two VPNs; (4) IPSec compatibility; and (5) digital security certificate compatibility
across multiple VPNs. While Figs. 9 and 10 refer to regional/national VPNs and
international arbitration, the VPNs need not be limited to a specific country or
geographical area. Any ANX-type VPN, regardless of the location of its subscribers
could be interconnected.

WO 01/016766 PCT/US00/23774

While Fig. 1 illustrated the interconnection of two VPNs 20 and 22, a
significant element is missing. Fig. 11 shows two VPNs, that have multiple service
providers, which are connected through an inter-program service provider, also called
an interconnect provider. The TEL-2 specification is still used as the basic guide in
determining the end-to-end service quality, however regional or particular VPN
peculiarities, referred to as deltas, must be considered when establishing the
interconnected end-to-end service quality standards.

Returning to the GOVER/POVER model for overseeing interconnected VPNs,
Fig. 12 illustrates an end-to-end trouble escalation model. It is expected that CSPs
will work together to resolve trouble before contacting a POVER. Similarly, the
POVERs and/or the POVERs and the interconnect provider are expected to work
together to resolve trouble before contacting the GOVER.

When expanding from a single VPN to interconnected VPNs the inherent
costs of running the system naturally increase. How such costs are distributed is an
important part of the system. As shown in Fig. 13, the POVERs 100 pay fees to the
GOVER to offset the costs of maintaining the GOVER. The VPNs having multiple
service providers in turn pay fees to support the POVER. Furthermore the
interconnect providers pay a certification fee to the GOVER for certification as an
interconnect provider between VPNs.

There are multiple methods of interconnecting multiple VPNs with
interconnect providers. As shown in Fig. 14, all the VPNs, having multiple service
providers, can be interconnected using a single interconnect provider. Alternatively,
all the VPNs can be interconnected by multiple interconnect providers, as shown in
Fig. 15, thereby creating competition between the interconnect providers, just as there
is competition between the CSPs in a single xNX-type VPN. Finally, as shown in
Fig. 16, where no suitable interconnect provider is available to connect all the VPNs
having multiple service providers, multiple interconnect providers are used. These
interconnect providers service different combinations of VPNs. In Fig. 16,
interconnect provider 120 interconnects VPNs having multiple service providers 122,
124, and 126. Interconnect provider 130 interconnects VPNs having multiple service
providers 132 and 126. As a result, a TP of VPN 132 must connect through both
Interconnect provider 130 and Interconnect provider 120 to reach TPs of either VPN
122 or 124.

How the multiple VPNs interconnect will directly affect the resulting end-to-end
service quality. Figs. 17a-c illustrate potential configurations of multiple VPNs.
In Fig. 17a a first TP 200 connects to a first CSP 210. The CSP 210 connects to a first
exchange point 220. The TP 200, CSP 210, and the exchange point 220 are within a
first VPN 240. A second TP 250 connects to a second CSP 260, which connects to a
second exchange point 270. The TP 250, CSP 260 and exchange point 270 are within
a second VPN 280. The two VPNs 240 and 280 are interconnected by an
Interconnect provider 300, which is connected to the exchange points 220 and 270.

In Fig. 17b TP 200, CSP 210, exchange point 220 and Interconnect provider
300 are connected in the same manner shown in Fig. 17a. While the second TP 250 is
connected to the CSP 260, the exchange point 270 is not provided. Instead CSP 260
is shown as connecting directly to the Interconnect provider 300. This embodiment
encompasses the situation where the Interconnect provider 300 and CSP 260 are the
same entity or are directly wired. Fig. 17c is similar to Fig. 16b,
except that the interconnect provider also acts as a CSP 320, and a third TP 310 is
connected directly to the Interconnect provider 300/CSP 320.

As stated previously, while the end-to-end service quality is based upon the
TEL-2 specification, the degree to which the TEL-2 specification needs to be
modified to interconnect multiple VPNs depends upon the chosen complexity of the
interconnection. An xNX-type VPN uses a maximum of two CSPs between any two
TPs. A larger value, either three or four, is needed for multiple VPNs. The
interconnect provider will account for one additional CSP, and for the configuration set
forth in Fig. 16, two Interconnect providers are employed in addition to the two CSPs
yielding four CSPs.
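The provider count in the paragraph above, worked for the Fig. 16 topology as an added example that is not part of the patent text. The labels such as IP120 and VPN122 are built from the page's reference numerals, the function names are illustrative, and the count follows the page's rule of two CSPs plus each interconnect provider on the path.

```python
from collections import deque

# Constructed from the page's description of Fig. 16: the VPNs each
# interconnect provider serves (labels built from the reference numerals).
# Function names below are illustrative, not taken from the patent.
FIG16 = {
    "IP120": {"VPN122", "VPN124", "VPN126"},
    "IP130": {"VPN132", "VPN126"},
}

def interconnects_on_path(topology, src, dst):
    """Fewest interconnect providers between two VPNs (None if unreachable)."""
    if src == dst:
        return 0
    seen, queue = {src}, deque([(src, 0)])
    while queue:  # breadth-first search, so the first hit is the shortest path
        vpn, hops = queue.popleft()
        for members in topology.values():
            if vpn not in members:
                continue
            for nxt in members - seen:
                if nxt == dst:
                    return hops + 1
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return None

def providers_between(topology, src, dst):
    """Provider count between two TPs, using the page's counting rule:
    one CSP at each end (two in total) plus every interconnect provider."""
    hops = interconnects_on_path(topology, src, dst)
    return None if hops is None else 2 + hops

def violations(topology, limit):
    """VPN pairs that are unreachable or exceed the agreed provider maximum."""
    vpns = sorted(set().union(*topology.values()))
    found = []
    for i, a in enumerate(vpns):
        for b in vpns[i + 1:]:
            count = providers_between(topology, a, b)
            if count is None or count > limit:
                found.append((a, b, count))
    return found

if __name__ == "__main__":
    for limit in (3, 4):
        print(limit, violations(FIG16, limit))
```

With a limit of three, only the pairs that involve VPN 132 reaching VPN 122 or VPN 124 are flagged; with a limit of four, none are.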

Having described several embodiments of the system and method for
interconnecting multiple virtual private networks in accordance with the present
invention, it is believed that other modifications, variations and changes will be
suggested to those skilled in the art in view of the description set forth above. It is
therefore to be understood that all such variations, modifications and changes are
believed to fall within the scope of the present invention as defined in the appended
claims.

What is claimed is:

1. A system of interconnecting multiple virtual private networks, each of said
multiple private networks having multiple service providers, comprising:

at least one interconnect provider for connecting said multiple virtual private
networks,

said multiple virtual private networks connected through said at least one
interconnect provider having minimum standards for cross network services, virtual
private network interoperability, inter-network performance, inter-network reliability,
disaster recovery and business continuity, inter-network security, inter-network
customer care, and inter-network trouble handling.

2. A system as recited in claim 1, further comprising a maximum acceptable
latency between subscribers to different ones of said multiple virtual private networks.

3. A system as recited in claim 1, further comprising a maximum acceptable
number of service providers between subscribers to different ones of said multiple
virtual private networks.

4. A system as recited in claim 1, further comprising a minimum acceptable
period of unavailability of interconnected multiple virtual private networks.

5. A system as recited in claim 1, wherein each of said multiple virtual private
networks comprises a program overseer to ensure end-to-end service quality across
each of said multiple virtual private networks.

6. A system as recited in claim 5, further comprising a global overseer to
ensure end-to-end service quality across multiple ones of said multiple virtual private
networks.

7. A system as recited in claim 6, wherein said global overseer resolves
disputes between ones of said program overseers for said multiple virtual private
networks or said program overseers and said at least one interconnect provider.

8. A system as recited in claim 5, wherein said program overseer for each one
of said multiple virtual private networks resolves disputes between service providers
within said one of said multiple virtual private networks.

9. A system as recited in claim 6, wherein each of said program overseers and
said multiple interconnect providers provides financial support to run said global
overseer.

10. A system as recited in claim 1, wherein management of said multiple
virtual private networks, contracts by between service providers and interconnect
providers, service assurance, service description and how service providers and
interconnect providers collaborate and compete are unified across said multiple virtual
private networks to ensure end-to-end service quality.

11. A system as recited in claim 1, comprising multiple interconnect
providers, wherein no one interconnect provider services all of said multiple virtual
private networks.

12. A method of interconnecting multiple interconnection providers between
multiple virtual private networks, each of said virtual private networks having
multiple subscribers, multiple service providers and at least one exchange point
interconnecting said multiple service providers, with guaranteed end-to-end service
quality, comprising the steps of:

providing at least one interconnect provider disposed between a first set of
said multiple service providers in one of said multiple virtual private networks and a
second set of multiple service providers in a second one of said multiple virtual
private networks.

13. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 12, wherein one of said at least
one transit service providers is also one of said multiple service providers within at
least one of said multiple virtual private networks.

14. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 12, further comprising the step of
certifying all of said multiple service providers in all of said multiple virtual private
networks, said multiple transit service providers, and said exchange points to ensure
minimum end-to-end quality and security levels are maintained.

15. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 12, comprising the further step of
providing at least one exchange point between a first set of said multiple service
providers in one of said multiple virtual private networks and said at least one
interconnect service provider.

16. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 12, wherein a maximum number
of service providers between two subscribers within one of said multiple virtual
private networks is two, and the maximum number of said service providers and
transit service providers between subscribers of different ones of said multiple virtual
private networks is three.

17. A method of interconnecting multiple interconnection providers between
multiple virtual private networks as recited in claim 15, further comprising the step of
providing at least one second exchange point between a second set of said multiple
service providers in another one of said multiple virtual private networks and said at
least one transit service provider.

18. A system of interconnecting multiple virtual private networks, each of
said multiple private networks having multiple service providers, comprising:

at least one interconnect provider for connecting said multiple virtual private
networks,

each of said multiple virtual private networks comprising a program overseer
to ensure end-to-end service quality across each of said multiple virtual private
networks, and

a global overseer to ensure end-to-end service quality across multiple ones of
said multiple virtual private networks,

said multiple virtual private networks connected through said at least one
interconnect provider have: minimum standards for cross network services; virtual
private network interoperability; inter-network performance; inter-network reliability;
disaster recovery and business continuity; inter-network security; inter-network
customer care; and inter-network trouble handling.

19. A system as recited in claim 18, further comprising a maximum
acceptable latency between subscribers to different ones of said multiple virtual
private networks.

20. A system as recited in claim 18, further comprising a maximum
acceptable number of service providers between subscribers to different ones of said
multiple virtual private networks.

21. A system as recited in claim 18, further comprising a minimum acceptable
period of unavailability of interconnected multiple virtual private networks.

22. A system as recited in claim 18, wherein said global overseer resolves
disputes between ones of said program overseers for said multiple virtual private
networks or said program overseers and said at least one interconnect provider.

23. A system as recited in claim 18, wherein said program overseer for each
one of said multiple virtual private networks resolves disputes between service
providers within said one of said multiple virtual private networks.

24. A system as recited in claim 18, wherein each of said program overseers
and said multiple interconnect providers provides financial support to run said global
overseer.

25. A system as recited in claim 18, wherein management of said multiple
virtual private networks, contracts by between service providers and interconnect
providers, service assurance, service description and how service providers and
interconnect providers collaborate and compete are unified across said multiple virtual
private networks to ensure end-to-end service quality.

26. A system as recited in claim 18, comprising multiple interconnect
providers, wherein no one interconnect provider services all of said multiple virtual
private networks.